git commit: HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu)
Repository: hadoop Updated Branches: refs/heads/trunk c1f832323 - df8c84cba HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/df8c84cb Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/df8c84cb Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/df8c84cb Branch: refs/heads/trunk Commit: df8c84cba8512058f5097c6faeedf4b65cab3806 Parents: c1f8323 Author: Alejandro Abdelnur t...@apache.org Authored: Mon Sep 8 10:12:16 2014 -0700 Committer: Alejandro Abdelnur t...@apache.org Committed: Mon Sep 8 11:31:30 2014 -0700 -- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../crypto/key/KeyProviderCryptoExtension.java | 11 ++ .../crypto/key/kms/KMSClientProvider.java | 9 +++- .../hadoop/crypto/key/kms/ValueQueue.java | 13 .../hadoop/crypto/key/TestValueQueue.java | 14 + ...rKeyGeneratorKeyProviderCryptoExtension.java | 22 .../hadoop/crypto/key/kms/server/TestKMS.java | 17 +++ 7 files changed, 88 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index fe011fd..0417b0a 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -771,6 +771,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11073. Credential Provider related Unit Tests Failure on Windows. (Xiaoyu Yao via cnauroth) +HADOOP-11071. KMSClientProvider should drain the local generated EEK cache +on key rollover. (tucu) + Release 2.5.1 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java index e2fb5cb..fed7e9e 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java @@ -179,6 +179,13 @@ public class KeyProviderCryptoExtension extends throws IOException; /** + * Drains the Queue for the provided key. + * + * @param keyName the key to drain the Queue for + */ +public void drain(String keyName); + +/** * Generates a key material and encrypts it using the given key version name * and initialization vector. The generated key material is of the same * length as the codeKeyVersion/code material of the latest key version @@ -313,6 +320,10 @@ public class KeyProviderCryptoExtension extends // NO-OP since the default version does not cache any keys } +@Override +public void drain(String keyName) { + // NO-OP since the default version does not cache any keys +} } /** http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index acbe096..899b6c4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -590,7 +590,9 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, conn.setRequestProperty(CONTENT_TYPE, APPLICATION_JSON_MIME); Map response = call(conn, jsonMaterial, HttpURLConnection.HTTP_OK, Map.class); -return parseJSONKeyVersion(response); +KeyVersion keyVersion = parseJSONKeyVersion(response); +encKeyVersionQueue.drain(name); +return keyVersion; } @@ -713,6 +715,11 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, } @Override + public void drain(String keyName) { +
git commit: HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu)
Repository: hadoop Updated Branches: refs/heads/branch-2 876062ac2 - d510cefd1 HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/d510cefd Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/d510cefd Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/d510cefd Branch: refs/heads/branch-2 Commit: d510cefd142ecdef124ff9efe85d4856a20c573a Parents: 876062a Author: Alejandro Abdelnur t...@apache.org Authored: Mon Sep 8 10:12:16 2014 -0700 Committer: Alejandro Abdelnur t...@apache.org Committed: Mon Sep 8 11:32:20 2014 -0700 -- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../crypto/key/KeyProviderCryptoExtension.java | 11 ++ .../crypto/key/kms/KMSClientProvider.java | 9 +++- .../hadoop/crypto/key/kms/ValueQueue.java | 13 .../hadoop/crypto/key/TestValueQueue.java | 14 + ...rKeyGeneratorKeyProviderCryptoExtension.java | 22 .../hadoop/crypto/key/kms/server/TestKMS.java | 17 +++ 7 files changed, 88 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/d510cefd/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index ed7b5f8..450053d 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -430,6 +430,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11073. Credential Provider related Unit Tests Failure on Windows. (Xiaoyu Yao via cnauroth) +HADOOP-11071. KMSClientProvider should drain the local generated EEK cache +on key rollover. (tucu) + Release 2.5.1 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/d510cefd/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java index e9d7caa..5d3281c 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java @@ -179,6 +179,13 @@ public class KeyProviderCryptoExtension extends throws IOException; /** + * Drains the Queue for the provided key. + * + * @param keyName the key to drain the Queue for + */ +public void drain(String keyName); + +/** * Generates a key material and encrypts it using the given key version name * and initialization vector. The generated key material is of the same * length as the codeKeyVersion/code material of the latest key version @@ -313,6 +320,10 @@ public class KeyProviderCryptoExtension extends // NO-OP since the default version does not cache any keys } +@Override +public void drain(String keyName) { + // NO-OP since the default version does not cache any keys +} } /** http://git-wip-us.apache.org/repos/asf/hadoop/blob/d510cefd/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index 14593ed..ea191fc 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -590,7 +590,9 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, conn.setRequestProperty(CONTENT_TYPE, APPLICATION_JSON_MIME); Map response = call(conn, jsonMaterial, HttpURLConnection.HTTP_OK, Map.class); -return parseJSONKeyVersion(response); +KeyVersion keyVersion = parseJSONKeyVersion(response); +encKeyVersionQueue.drain(name); +return keyVersion; } @@ -713,6 +715,11 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, } @Override + public void drain(String keyName) { +
[2/7] git commit: HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu)
HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/df8c84cb Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/df8c84cb Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/df8c84cb Branch: refs/heads/HDFS-6581 Commit: df8c84cba8512058f5097c6faeedf4b65cab3806 Parents: c1f8323 Author: Alejandro Abdelnur t...@apache.org Authored: Mon Sep 8 10:12:16 2014 -0700 Committer: Alejandro Abdelnur t...@apache.org Committed: Mon Sep 8 11:31:30 2014 -0700 -- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../crypto/key/KeyProviderCryptoExtension.java | 11 ++ .../crypto/key/kms/KMSClientProvider.java | 9 +++- .../hadoop/crypto/key/kms/ValueQueue.java | 13 .../hadoop/crypto/key/TestValueQueue.java | 14 + ...rKeyGeneratorKeyProviderCryptoExtension.java | 22 .../hadoop/crypto/key/kms/server/TestKMS.java | 17 +++ 7 files changed, 88 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index fe011fd..0417b0a 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -771,6 +771,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11073. Credential Provider related Unit Tests Failure on Windows. (Xiaoyu Yao via cnauroth) +HADOOP-11071. KMSClientProvider should drain the local generated EEK cache +on key rollover. (tucu) + Release 2.5.1 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java index e2fb5cb..fed7e9e 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java @@ -179,6 +179,13 @@ public class KeyProviderCryptoExtension extends throws IOException; /** + * Drains the Queue for the provided key. + * + * @param keyName the key to drain the Queue for + */ +public void drain(String keyName); + +/** * Generates a key material and encrypts it using the given key version name * and initialization vector. The generated key material is of the same * length as the codeKeyVersion/code material of the latest key version @@ -313,6 +320,10 @@ public class KeyProviderCryptoExtension extends // NO-OP since the default version does not cache any keys } +@Override +public void drain(String keyName) { + // NO-OP since the default version does not cache any keys +} } /** http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index acbe096..899b6c4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -590,7 +590,9 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, conn.setRequestProperty(CONTENT_TYPE, APPLICATION_JSON_MIME); Map response = call(conn, jsonMaterial, HttpURLConnection.HTTP_OK, Map.class); -return parseJSONKeyVersion(response); +KeyVersion keyVersion = parseJSONKeyVersion(response); +encKeyVersionQueue.drain(name); +return keyVersion; } @@ -713,6 +715,11 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, } @Override + public void drain(String keyName) { +encKeyVersionQueue.drain(keyName); + } + + @Override public Token?[]
[3/8] git commit: HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu)
HADOOP-11071. KMSClientProvider should drain the local generated EEK cache on key rollover. (tucu) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/df8c84cb Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/df8c84cb Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/df8c84cb Branch: refs/heads/HDFS-6584 Commit: df8c84cba8512058f5097c6faeedf4b65cab3806 Parents: c1f8323 Author: Alejandro Abdelnur t...@apache.org Authored: Mon Sep 8 10:12:16 2014 -0700 Committer: Alejandro Abdelnur t...@apache.org Committed: Mon Sep 8 11:31:30 2014 -0700 -- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../crypto/key/KeyProviderCryptoExtension.java | 11 ++ .../crypto/key/kms/KMSClientProvider.java | 9 +++- .../hadoop/crypto/key/kms/ValueQueue.java | 13 .../hadoop/crypto/key/TestValueQueue.java | 14 + ...rKeyGeneratorKeyProviderCryptoExtension.java | 22 .../hadoop/crypto/key/kms/server/TestKMS.java | 17 +++ 7 files changed, 88 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index fe011fd..0417b0a 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -771,6 +771,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11073. Credential Provider related Unit Tests Failure on Windows. (Xiaoyu Yao via cnauroth) +HADOOP-11071. KMSClientProvider should drain the local generated EEK cache +on key rollover. (tucu) + Release 2.5.1 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java index e2fb5cb..fed7e9e 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderCryptoExtension.java @@ -179,6 +179,13 @@ public class KeyProviderCryptoExtension extends throws IOException; /** + * Drains the Queue for the provided key. + * + * @param keyName the key to drain the Queue for + */ +public void drain(String keyName); + +/** * Generates a key material and encrypts it using the given key version name * and initialization vector. The generated key material is of the same * length as the codeKeyVersion/code material of the latest key version @@ -313,6 +320,10 @@ public class KeyProviderCryptoExtension extends // NO-OP since the default version does not cache any keys } +@Override +public void drain(String keyName) { + // NO-OP since the default version does not cache any keys +} } /** http://git-wip-us.apache.org/repos/asf/hadoop/blob/df8c84cb/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index acbe096..899b6c4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -590,7 +590,9 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, conn.setRequestProperty(CONTENT_TYPE, APPLICATION_JSON_MIME); Map response = call(conn, jsonMaterial, HttpURLConnection.HTTP_OK, Map.class); -return parseJSONKeyVersion(response); +KeyVersion keyVersion = parseJSONKeyVersion(response); +encKeyVersionQueue.drain(name); +return keyVersion; } @@ -713,6 +715,11 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, } @Override + public void drain(String keyName) { +encKeyVersionQueue.drain(keyName); + } + + @Override public Token?[]